← back
CVE-2020-6195

CVE-2020-6195

CVSS 6.4 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Apr 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
SAP SE · SAP Business Objects Business Intelligence Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2878507https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202